From ea8eda35a7bd831964c38b38cc9a5b19bcb44d6a Mon Sep 17 00:00:00 2001
From: 0livd <0livd@users.noreply.github.com>
Date: Thu, 18 May 2017 10:48:09 +0100
Subject: Public project creation and admin permissions (#210)

* Add a @requires_admin decorator

It can be used to protect specific endpoints with ADMIN_PASSWORD
(a password that is stored unencrypted in the settings)
The decorator has no effect if ADMIN_PASSWORD is an empty string (default value)

* Require admin permissions to access create project endpoint

When ADMIN_PASSWORD is not empty, project creation form on the
home page will be replaced by a link to the create project endpoint
so one is able to enter the admin password before filling the form
---
 budget/forms.py | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'budget/forms.py')

diff --git a/budget/forms.py b/budget/forms.py
index f446475..06df743 100644
--- a/budget/forms.py
+++ b/budget/forms.py
@@ -83,6 +83,11 @@ class AuthenticationForm(FlaskForm):
     submit = SubmitField(_("Get in"))
 
 
+class AdminAuthenticationForm(FlaskForm):
+    admin_password = PasswordField(_("Admin password"), validators=[Required()])
+    submit = SubmitField(_("Get in"))
+
+
 class PasswordReminder(FlaskForm):
     id = StringField(_("Project identifier"), validators=[Required()])
     submit = SubmitField(_("Send me the code by email"))
-- 
cgit v1.1